I get this little bugger popping up on every startup. My Microsoft Security Essentials stops the initial attempt, and there is no threat until the next startup. I was wondering if there are any tools to check and remove the items that actually initiate execution.

I assume this may be a registry entry that can be removed. How would I effectively search for it?

1 Answer

1: On another computer navigate to www.malwarebytes.org and download the free version.
2: Put the MWB installer on a USB drive, external HDD, or burn it to a CD.
3: On the infected computer, start in Safe Mode With Networking (on boot, press F8 repeatedly after the BIOS POST screen disappears; this brings up the startup options).
4: Once booted into safe mode, connect the USB drive/external HDD or insert the CD, and run the MWB installer.
5: When the installer finishes, it will have the option to update and run the program before pressing the Finish button. Make sure both are checked and press Finish.
6: MWB will update automatically, then start the program. Just to double check we are using the most recent version, go to the update tab and tell it to update. It should pop up and tell you it already has the latest definitions.
7: Go to the scan tab, and run a full scan.
8: When finished, remove all infected items and reboot into normal mode.
9: Inside normal mode open MWB, update again, and full scan again.
10: At this point your computer should be usable and 90% clean. Go ahead and check that your anti-virus is working normally, and run any other AV/anti-spyware utilities you want to run. I usually run the normal AV and Spybot just to be sure we've gotten as much as we can without any actual work.

If you are still infected at this point, or if the infection reappears, then the safest course of action is going to be to back up any data that you haven't backed up already (run backups regularly!!) and format/reinstall.

Sorry pantsburgh, but although I find registry keys and can remove them, I can't find what writes them to the registry. I assume something else in the registry executes something else that writes these keys that then execute this... I think it's wipe time.
– GnrlBzik Nov 12 '10 at 14:05
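
For the "how would I search for it" part of the question, here is an added example (not from anyone in this thread) that lists the usual autostart locations in one table: the Run/RunOnce keys, the Winlogon Shell and Userinit values, the Startup folders, and scheduled tasks. It only reads and assumes PowerShell 3.0 or later, with Windows 8 or later for `Get-ScheduledTask`; the set of user-writable paths it flags is an assumption chosen for illustration.

```powershell
# Added example: read-only listing of common autostart entries for manual review.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$startupFolders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))

$entries = @(
    # Values under the Run/RunOnce keys: value name -> command line.
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $item = Get-Item -Path $key
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
            }
        }
    }
    # Winlogon Shell and Userinit are also launched at every logon.
    foreach ($name in 'Shell', 'Userinit') {
        $value = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
        if ($value) { [pscustomobject]@{ Source = $winlogon; Name = $name; Command = $value } }
    }
    # Files and shortcuts in the per-user and all-users Startup folders.
    foreach ($folder in $startupFolders) {
        Get-ChildItem -Path $folder -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
    # Enabled scheduled tasks that run a program (Windows 8 or later).
    Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName
                                   Command = "$($action.Execute) $($action.Arguments)".Trim() }
            }
        }
    }
)
# Flag commands that live in user-writable locations (assumed list); review these first.
$writable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|%(APPDATA|LOCALAPPDATA|TEMP)%'
$entries |
    Select-Object @{ n = 'Review'; e = { $_.Command -match $writable } }, Source, Name, Command |
    Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Running it from an elevated prompt shows tasks a standard user cannot read. It does not cover services or drivers; Sysinternals Autoruns lists those locations as well.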